Roland Turner

about | contact

A first look inside the generally-available TraceTogether tokens

On September 14 the population-wide rollout of the token began. I collected mine two days later for use while running because they're much easier to carry and to waterproof than a phone is. Today I finally got around to opening it up. (more)

TraceTogether Token Teardown Time!

Singapore's Minister for Foreign Affairs and Minister-in-Charge of the Smart Nation Initiative — Vivian Balakrishnan — invited several makers and open-source advocates to a session with GovTech on Friday, during which a teardown of the first version of the TraceTogether token was performed. The purpose of the session included allowing us an opportunity to examine and learn about the token, and to propose improvements. (more)

9V1RS Testing on 2019-09-01 and next steps

Several months ago I observed an interfering signal very close to the repeater's input frequency (145.075MHz vs. 145.025MHz), which might conceivably push the receiver's AGC down to the point that weaker on-frequency signals fail to successfully lock the PLL so the receiver would not successfully demodulate them. (more)

Information for Data Subjects - A Side-by-Side Comparison of GDPR Articles 13 and 14

Articles 13 and 14 set out the information that is to be provided when personal data is collected from the data subject or not obtained from the data subject, respectively. The rationale for imperfectly duplicating much of the text from Article 13 into Article 14 is not immediately obvious, and remains unclear even after close examination. (more)

28756E6B6E6F776E207573657229 == "(unknown user)". 28696E76616C6964207573657229 == "(invalid user)".

For the benefit of those finding these two strings in ssh audit logs. I can readily understand the desire to not present questionable usernames directly in audit log entries in order to prevent various injection attacks in viewing environments, and doing so by either hex-encoding the username, or replacing it with unknown or invalid, but doing both doesn't seem to make much sense. (more)

I appear in 1,203 advertiser contact lists added to Facebook

In case anyone was unclear on the extent to which data brokers are disclosing personal data without any form of accountability to the people in question, do have a look at Facebook's list of advertisers "who use a contact list added to Facebook". (more)

Legally Obtaining IEEE 802 Standards Free of Charge

I am perhaps a little late to the party, but I've just noticed that IEEE 802-series standards are generally available free of charge upon request. This does not meet any of the requirements for Creative Commons, Free Software, or Open Source Software, (in particular you can't distribute them) but is at least a step up from having to either fork out a lot of money. (more)

The Seven Properties of Highly Secure Devices

I've just noticed an interesting piece of work from Microsoft last year which both (a) identifies a minimum useful set of security properties for Internet-connected devices and (b) develops a working prototype with MediaTek to demonstrate how little change to an existing microcontroller is required to make this work. (more)

GDPR for Star Wars Fans

I felt a great disturbance in the Internet, as if millions of non-consensual direct-marketing lists suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened.


The Ones Who Walk Away from Facebook

I have started a long-term project to substantially reduce my use of Facebook and increase my engagement with friends elsewhere, rather than outright quitting. I am interested to know where others are with this. (more)